Rule Update
21-056 (December 14, 2021)
Publish date: December 14, 2021
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache Storm Nimbus
1011236 - Apache Storm Command Injection Vulnerability (CVE-2021-38294)
SolarWinds Network Performance Monitor
1011229 - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35216)
1011221 - SolarWinds Orion Platform 'SaveUserSetting' Improper Access Control Vulnerability (CVE-2021-35213)
Web Application Ruby Based
1011243 - Grafana Path Traversal Vulnerability (CVE-2021-43798)
Web Client Common
1011240 - Chromium Memory Corruption Vulnerability (CVE-2021-21118)
1011244 - Chromium Sandbox Bypass Vulnerability (CVE-2021-21132)
1011239 - Google Chrome Type Confusion Vulnerability (CVE-2021-30588)
1011238 - Google Chrome Use After Free Vulnerability (CVE-2020-15994)
Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Web Server SharePoint
1011224 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-41344)
Web Server Squid
1011234 - Squid Proxy Multiple Denial of Service Vulnerabilities (CVE-2021-31806 and CVE-2021-31807)
Zoho ManageEngine
1011237 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)
Integrity Monitoring Rules:
1010856* - Linux/Unix - Static boot loader files modified (ATT&CK T1542)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Apache Storm Nimbus
1011236 - Apache Storm Command Injection Vulnerability (CVE-2021-38294)
SolarWinds Network Performance Monitor
1011229 - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35216)
1011221 - SolarWinds Orion Platform 'SaveUserSetting' Improper Access Control Vulnerability (CVE-2021-35213)
Web Application Ruby Based
1011243 - Grafana Path Traversal Vulnerability (CVE-2021-43798)
Web Client Common
1011240 - Chromium Memory Corruption Vulnerability (CVE-2021-21118)
1011244 - Chromium Sandbox Bypass Vulnerability (CVE-2021-21132)
1011239 - Google Chrome Type Confusion Vulnerability (CVE-2021-30588)
1011238 - Google Chrome Use After Free Vulnerability (CVE-2020-15994)
Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Web Server SharePoint
1011224 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-41344)
Web Server Squid
1011234 - Squid Proxy Multiple Denial of Service Vulnerabilities (CVE-2021-31806 and CVE-2021-31807)
Zoho ManageEngine
1011237 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)
Integrity Monitoring Rules:
1010856* - Linux/Unix - Static boot loader files modified (ATT&CK T1542)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more
- Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more